A Node.js CLI created to simplify the analysis of npm registry packages.
I personally created this project to analyze npm packages by various criteria (popularity, etc.). Most researchers re-create the same code over and over again and I thought it might be nice to have a CLI and various methods to simplify our lives.
- Pulls packages from the npm registry by diverse criteria.
- Offers you various methods to read and extract information from the npm tarball.
- Includes js-x-ray by default.
- Functionalities can be extended.
- Node.js v14 or higher
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
$ npm i npm-security-fetcher -g
or
$ git clone https://github.com/fraxken/npm-security-fetcher.git
$ cd npm-security-fetcher
$ npm ci
$ npm link
Then the nsf binary will be available in your terminal.
$ nsf --help
The first step is to create a JavaScript file with three methods:
- init (run before fetching and extracting packages from the npm registry).
- run (called for each downloaded npm package).
- close (run at the end when there are no more packages to fetch).
This script must use the latest Node.js ESM (it also supports top-level await).
import path from "path";

export async function init() {
    const baseDir = path.join(process.cwd(), "results");
    return { baseDir }; // <-- init and return context object!
}

export async function close(ctx) {
    console.log("close triggered");
}

export async function run(ctx, { name, location, root }) {
    console.log(ctx.baseDir);
    console.log(`handle package name: ${name}, location: ${location}`);
}
There is no restriction on the nature of the context.
After editing your file, you can run your script as follows:
$ nsf npm myfile.js
The root folder "example" contains real-world examples that are used (for js-x-ray etc).
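A fuller script for the init/run/close lifecycle described above, added here as an illustration (it is not code from npm-security-fetcher or its example folder): it records every fetched package whose package.json declares an install-time lifecycle script. It assumes `location` is the directory where the package was extracted; `findInstallHooks`, `readManifest` and the `install-hooks.json` report name are hypothetical names chosen for this example.

```javascript
// Added example, not part of nsf. Assumption: `location` is the extracted package directory.
import fs from "fs/promises";
import path from "path";

// npm lifecycle scripts that run automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Pure helper: list the install-time hooks declared in a parsed package.json.
export function findInstallHooks(manifest) {
  const scripts = manifest?.scripts;
  if (scripts === null || typeof scripts !== "object") return [];
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== "")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Registry tarballs usually unpack into a "package" sub-directory, so try both layouts.
async function readManifest(location) {
  for (const dir of [location, path.join(location, "package")]) {
    try {
      return JSON.parse(await fs.readFile(path.join(dir, "package.json"), "utf8"));
    } catch {
      // missing or malformed manifest in this layout: try the next one
    }
  }
  return null;
}

export async function init() {
  const baseDir = path.join(process.cwd(), "results");
  await fs.mkdir(baseDir, { recursive: true });
  return { baseDir, findings: { flagged: [], unreadable: [] } };
}

export async function run(ctx, { name, location }) {
  const manifest = await readManifest(location);
  if (manifest === null) {
    ctx.findings.unreadable.push(name); // keep track of packages we could not inspect
    return;
  }
  const hooks = findInstallHooks(manifest);
  if (hooks.length > 0) ctx.findings.flagged.push({ name, hooks });
}

export async function close(ctx) {
  const report = path.join(ctx.baseDir, "install-hooks.json");
  await fs.writeFile(report, JSON.stringify(ctx.findings, null, 2));
  console.log(`${ctx.findings.flagged.length} package(s) declare install hooks; report: ${report}`);
}
```

Packages listed under `unreadable` had no parsable package.json in either layout and need a manual look rather than being treated as clean.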
Thanks goes to these wonderful people (emoji key):
Gentilhomme 💻 📖 👀 🛡️ 🐛
Nicolas Hallaert 📖
MIT